Dropped Files | ZeroBOX
Name f794a557ad952ff1_toolspub2.exe
Filepath C:\Users\test22\AppData\Local\Temp\toolspub2.exe
Size 260.5KB
Processes 2544 (newmar.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f39a0110a564f4a1c6b96c03982906ec
SHA1 08e66c93b575c9ac0a18f06741dabcabc88a358b
SHA256 f794a557ad952ff155b4bfe5665b3f448453c3a50c766478d070368cab69f481
CRC32 493BCF8E
ssdeep 3072:AgBNSI2W36CPbxWjaH5slc1fQNsl2KDEvjKQFHv:tr2W36CPbxWGH5shE6uUv
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name 6e715d3514550843_06.ico
Filepath c:\program files (x86)\myburn\06.ico
Size 2.2KB
Processes 2948 (is-40P74.tmp)
Type MS Windows icon resource - 1 icon, 32x64, 8 bits/pixel
MD5 8e8697bf8b59e5061eadaaa2d27fc9a6
SHA1 e6b7dbea3a923346caea0336a32d6b04420aa212
SHA256 6e715d35145508432f16b0d5d21e7640315be7701654dbda07a663750e295f60
CRC32 D7974F3D
ssdeep 24:pwOUHDgTDyTfrlhp3+7O0590MOEpZLqOmtmvf/NmD8a:Uooxrgj2ETvisnNO8a
Yara
  • icon_file_format - icon file format
Name 7f4f53a9d3da9de6_d21cbe21e38b385a41a68c5e6dd32f4c.exe
Filepath C:\Users\test22\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
Size 4.2MB
Processes 2544 (newmar.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cfb47eefb1364872657b05199443bb25
SHA1 00227917c1dae8fc6f17fdff65741be4f5e57485
SHA256 7f4f53a9d3da9de64473196fa04ee1dd681f9ca3cdcccab4e1539fc03ab55102
CRC32 DAB277EF
ssdeep 98304:wzpVof9xZZp62DexKW1yEU17ieulZmp7SHX:coldk2DqhUFiHlZmoX
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
Name 8dae19fc9c722a7f_success.wav
Filepath c:\program files (x86)\myburn\sounds\success.wav
Size 66.5KB
Processes 2948 (is-40P74.tmp)
Type RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 19886 Hz
MD5 fd8177d61c8dd032dd262bf979d852f6
SHA1 ac64e21b7c80e996bcb369b6023bec4191568a52
SHA256 8dae19fc9c722a7fb169f37b5881e74551a8d3b8b43ec6f52b6d5d46e885ed6c
CRC32 53DE715F
ssdeep 1536:uQ4BvC7uGEQ9mBvqSt/YMJOEOR7sWMdmxm5ovXD5yk3R:u7BKtEQYByq/YUMbMdmQ2/L3R
Yara None matched
Name 08d2876741f4fd5e__setup64.tmp
Filepath C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_isetup\_setup64.tmp
Size 4.5KB
Processes 2948 (is-40P74.tmp)
Type PE32+ executable (console) x86-64, for MS Windows
MD5 9e5ba8a0db2ae3a955bee397534d535d
SHA1 ef08ef5fac94f42c276e64765759f8bc71bf88cb
SHA256 08d2876741f4fd5edfae20054081cef03e41c458ab1c5bbf095a288fa93627fa
CRC32 86657B37
ssdeep 48:6Q5EWGg69eR+Xl4SH8u09tmRJ/tE/wJI/tZ/P8sB1a:32Gel4NP9tK2/wGXhHa
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • DllRegisterServer_Zero - execute regsvr32.exe
Name a85af12749a97eea_myburn.exe
Filepath c:\program files (x86)\myburn\myburn.exe
Size 2.1MB
Processes 2948 (is-40P74.tmp)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f0fd986799e64ba888a8031782181dc7
SHA1 df5a8420ebdcb1d036867fbc9c3f9ca143cf587c
SHA256 a85af12749a97eeae8f64b767e63780978c859f389139cd153bedb432d1bfb4f
CRC32 E37509F1
ssdeep 24576:etsU+SS2TfWau3/vx9j1yDoS7MM+5b0DI/oRUkiiSGhCbIbpR3xe2jqWrx12Qn31:e5+weXJiVbiN0XDbN
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name f91e4ff7811a5848_latestx.exe
Filepath C:\Users\test22\AppData\Local\Temp\latestX.exe
Size 5.6MB
Processes 2544 (newmar.exe)
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 bae29e49e8190bfbbf0d77ffab8de59d
SHA1 4a6352bb47c7e1666a60c76f9b17ca4707872bd9
SHA256 f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87
CRC32 1EC89FFF
ssdeep 49152:MMcDmMRlBdzs3EThgR0uEqBXLdcJAbtNmbOHaGhEospqOziZXAfrrARS7JL2ozPX:dcdrCET8XeospuZXAf0EJyocDKIVDT05
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name 8b9d97c137459a49_readme.txt
Filepath c:\program files (x86)\myburn\readme.txt
Size 13.9KB
Processes 2948 (is-40P74.tmp)
Type ASCII text, with CRLF line terminators
MD5 06a5df751eb0765e69bfb15e12f4c665
SHA1 7394bf7df2dda47bf8d55bfbc880d2a2316054ac
SHA256 8b9d97c137459a495936af47f5140fe75f795728a30e9ec3d8ac9c1cb2e5c65f
CRC32 BC73E719
ssdeep 384:/GytFQEuWAUJTN3zLDwm/Fx30pnNbIO6GusyiqE0:eqFQEubUJRUcIuO3uEqv
Yara None matched
Name dbe17d818c09d179_unins000.exe
Filepath c:\program files (x86)\myburn\unins000.exe
Size 652.3KB
Processes 2948 (is-40P74.tmp)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 959eb359a695e540f06327736995b343
SHA1 686d8aa67c6fcd72aaa22b60679e027297b3456a
SHA256 dbe17d818c09d179d90bdf769b363339b52154b178fef3504490dc2baf0a895e
CRC32 C7014738
ssdeep 12288:ShmNwuOE5lrP9377zHJA6YZasySNsh7daVCSePPxpZ:YmNwuOE5lrP9377zHJA6zsyBsVC7PxpZ
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • mzp_file_format - MZP(Delphi) file format
  • DllRegisterServer_Zero - execute regsvr32.exe
  • ConfuserEx_Zero - Confuser .NET
  • OS_Processor_Check_Zero - OS Processor Check
Name acad74b9bb57809e_error.wav
Filepath c:\program files (x86)\myburn\sounds\error.wav
Size 35.1KB
Processes 2948 (is-40P74.tmp)
Type RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 22050 Hz
MD5 efad8c5d6cc6cae180ebe01ce3a60c88
SHA1 614839975c1f07161f3c26ba2af08ae910b21c61
SHA256 acad74b9bb57809e1b35bc06f357941986ebdc547ba33fc618f07e6e7bdc49bd
CRC32 55C3A8BE
ssdeep 768:R4vVGwokwkbii/GMCHCQ6baGkfS2clSW4EHN9sHJe:G9GwvOMDCV6b+fg4EAJe
Yara None matched
Name 26cd9cc9a0dd6884_k.exe
Filepath C:\Users\test22\AppData\Local\Temp\K.exe
Size 8.0KB
Processes 2728 (kos2.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 ac65407254780025e8a71da7b925c4f3
SHA1 5c7ae625586c1c00ec9d35caa4f71b020425a6ba
SHA256 26cd9cc9a0dd688411a4f0e2fa099b694b88cab6e9ed10827a175f7b5486e42e
CRC32 2FD93F29
ssdeep 96:vJOuixX5B7Xb5at51hVjlwgkdgKozt1OfCkFvzzNt:Y73ip0gGg3OdV
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)
Name a553cb76843a352f_unins000.dat
Filepath C:\Program Files (x86)\MyBurn\unins000.dat
Size 3.7KB
Processes 2948 (is-40P74.tmp)
Type data
MD5 ad1b267a5dfd207b4092cbd7e99d1bfe
SHA1 4ae1e9fef98d4d466153e5a46621450592ba5ecc
SHA256 a553cb76843a352fe144cb05481f7f77e61320376df3e653e041daa36535b16c
CRC32 4EDBBEE6
ssdeep 48:SGLiLnh8RyMELBv8zVJpJWzZk5tHnAtZMoYLVO3471obqz2btQSt1yLBHcUlORLq:KhuMp8zVJp4zOfnAtZJEOIho+as6L9I
Yara None matched
Name 684792de70ec523b_licence.txt
Filepath c:\program files (x86)\myburn\licence.txt
Size 4.8KB
Processes 2948 (is-40P74.tmp)
Type Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5 0da23abba8ce40acb3a73a490360ac4b
SHA1 d0eb57c8176a455ce4dfd2dbee3d9fdc7dbc34f8
SHA256 684792de70ec523bd4b69db871b6410ab331cc9f39c9b3a69f5c38fe8a18269d
CRC32 4AFFF6FE
ssdeep 96:VrGVy+hxywresod226jfMHGbW5qGmokRQg2HmLUodWXLdQ3:U/re9A2qMmbW5MdRUHmLvdW7u
Yara None matched
Name 9884e9d1b4f8a873__shfoldr.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_isetup\_shfoldr.dll
Size 22.8KB
Processes 2948 (is-40P74.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
CRC32 AE2C3EC2
ssdeep 384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 58ee49d4b4f6def9__isdecmp.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_isdecmp.dll
Size 12.5KB
Processes 2948 (is-40P74.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 7cee19d7e00e9a35fc5e7884fd9d1ad8
SHA1 2c5e8de13bdb6ddc290a9596113f77129ecd26bc
SHA256 58ee49d4b4f6def91c6561fc5a1b73bc86d8a01b23ce0c8ddbf0ed11f13d5ace
CRC32 F67BFCB7
ssdeep 384:BGlcOuwieg7n8Ct6OMmLjrbhzlTQFLLHoOO/em:BGl/kQCnvvhzlTQxLIO
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 3aff42275d4dfc0a_imgburnpreview.exe
Filepath c:\program files (x86)\myburn\imgburnpreview.exe
Size 209.5KB
Processes 2948 (is-40P74.tmp)
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 79f705d9bd2cc24380df3f17a49dbab5
SHA1 e796fbeab01a9068134f85907b159acf3280cd62
SHA256 3aff42275d4dfc0a7abe165fd78f7e03edb23bd78468e9faa5f0cb49d3369e80
CRC32 88CED01F
ssdeep 3072:Fm1BzKL2lZ33qxjrzVcol6gUjywWHlGvakyvVuk2AQ4w/vvoutc:8LzL33qxjWoG19xCuzAQn/XoS
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
Name 2f6294f9aa09f59a__iscrypt.dll
Filepath C:\Users\test22\AppData\Local\Temp\is-48DGV.tmp\_iscrypt.dll
Size 2.5KB
Processes 2948 (is-40P74.tmp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
CRC32 FB05FA3A
ssdeep 24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 2a11969fcc1df035_set16.exe
Filepath C:\Users\test22\AppData\Local\Temp\set16.exe
Size 1.5MB
Processes 2728 (kos2.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows, InnoSetup self-extracting archive
MD5 b224196c88f09b615527b2df0e860e49
SHA1 f9ae161836a34264458d8c0b2a083c98093f1dec
SHA256 2a11969fcc1df03533ad694a68d56f0e3a67ce359663c3cf228040ab5baa5ed8
CRC32 E1D0B9A1
ssdeep 24576:Xpnivp/Qe5YxwrdE+p6wLhB0PWYPTrm+F1yKK5lkR0qYg801An/2HK68f7KQOww1:Zivp/lbG+p6wIPW0F1yKKLAwb01KOq6H
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • mzp_file_format - MZP(Delphi) file format
  • ConfuserEx_Zero - Confuser .NET
Name c1b31186d170a2a5_kos2.exe
Filepath C:\Users\test22\AppData\Local\Temp\kos2.exe
Size 1.5MB
Processes 2544 (newmar.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 665db9794d6e6e7052e7c469f48de771
SHA1 ed9a3f9262f675a03a9f1f70856e3532b095c89f
SHA256 c1b31186d170a2a5755f15682860b3cdc60eac7f97a2db9462dee7ca6fcbc196
CRC32 5E4534CF
ssdeep 24576:hHs8aqF+/cEMlLoQdUiF6DrkdlUmdiBg/O0Bz3MRoiSsg2SKuPtc+LSkvQ2:C9GLNHFABGO43KoGg2iEmQ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)